[Secure-testing-commits] r52556 - data

2017-06-14 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2017-06-14 08:33:22 + (Wed, 14 Jun 2017)
New Revision: 52556

Modified:
   data/dla-needed.txt
Log:
add firefox-esr to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-14 06:38:43 UTC (rev 52555)
+++ data/dla-needed.txt 2017-06-14 08:33:22 UTC (rev 52556)
@@ -17,6 +17,8 @@
 eglibc
   NOTE: Patch available, however not yet applied upstream.
 --
+firefox-esr (Emilio Pozuelo)
+--
 imagemagick (Roberto C. Sánchez)
   NOTE: Fixes for CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407,
   NOTE: CVE-2017-9409, CVE-2017-9439, CVE-2017-9500, and CVE-2017-9501 have 
been
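Review bot: the new `firefox-esr (Emilio Pozuelo)` line in data/dla-needed.txt carries a claimer but no NOTE line, unlike the neighbouring eglibc and imagemagick entries, which record what is outstanding; add a NOTE stating which CVEs the wheezy update is expected to address so the next reader does not have to reconstruct that from CVE/list.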


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r52557 - data/CVE

2017-06-14 Thread security tracker role
Author: sectracker
Date: 2017-06-14 09:10:11 + (Wed, 14 Jun 2017)
New Revision: 52557

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-14 08:33:22 UTC (rev 52556)
+++ data/CVE/list   2017-06-14 09:10:11 UTC (rev 52557)
@@ -1,3 +1,21 @@
+CVE-2017-9614
+   RESERVED
+CVE-2017-9613
+   RESERVED
+CVE-2017-9612
+   RESERVED
+CVE-2017-9611
+   RESERVED
+CVE-2017-9610
+   RESERVED
+CVE-2017-9609
+   RESERVED
+CVE-2017-9608
+   RESERVED
+CVE-2017-9607
+   RESERVED
+CVE-2017-9606
+   RESERVED
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
TODO: check
 CVE-2017-1000379
@@ -170,6 +188,7 @@
[stretch] - mruby  (Minor issue)
[jessie] - mruby  (Minor issue)
 CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA 
session key ...)
+   {DSA-3880-1}
- libgcrypt20 1.7.6-2
- libgcrypt11  (Curve Ed25519 signing and verification 
introduced in 1.6.0)
NOTE: master: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b




[Secure-testing-commits] r52558 - data

2017-06-14 Thread Chris Lamb
Author: lamby
Date: 2017-06-14 11:02:53 + (Wed, 14 Jun 2017)
New Revision: 52558

Modified:
   data/dla-needed.txt
Log:
Triage libsndfile for LTS

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-14 09:10:11 UTC (rev 52557)
+++ data/dla-needed.txt 2017-06-14 11:02:53 UTC (rev 52558)
@@ -55,6 +55,8 @@
   NOTE: regression update, see:
   NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
 --
+libsndfile
+--
 libxml2 (Thorsten Alteholz)
   NOTE: 20170528, patches suggested but not accepted, bugs not yet public
 --




[Secure-testing-commits] r52559 - data

2017-06-14 Thread Chris Lamb
Author: lamby
Date: 2017-06-14 11:03:09 + (Wed, 14 Jun 2017)
New Revision: 52559

Modified:
   data/dla-needed.txt
Log:
Claim libsndfile in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-14 11:02:53 UTC (rev 52558)
+++ data/dla-needed.txt 2017-06-14 11:03:09 UTC (rev 52559)
@@ -55,7 +55,7 @@
   NOTE: regression update, see:
   NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
 --
-libsndfile
+libsndfile (Chris Lamb)
 --
 libxml2 (Thorsten Alteholz)
   NOTE: 20170528, patches suggested but not accepted, bugs not yet public




[Secure-testing-commits] r52560 - data/CVE

2017-06-14 Thread Chris Lamb
Author: lamby
Date: 2017-06-14 11:04:29 + (Wed, 14 Jun 2017)
New Revision: 52560

Modified:
   data/CVE/list
Log:
CVE-2015-8235/chicken: follow jessie and mark as minor issue.

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-14 11:03:09 UTC (rev 52559)
+++ data/CVE/list   2017-06-14 11:04:29 UTC (rev 52560)
@@ -58679,6 +58679,7 @@
NOT-FOR-US: Arista EOS
 CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...)
- chicken 4.10.0-1
+   [wheezy] - chicken  (Minor issue)
[jessie] - chicken  (Minor issue)
 CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 
7.x-1.x ...)
NOT-FOR-US: Drupal theme
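Review bot: the new `[wheezy] - chicken  (Minor issue)` line is inserted above the existing `[jessie]` line, while entries elsewhere in this file list suites newest first (compare the mruby entry at the top of the second hunk in r52557: `[stretch]` then `[jessie]`); place the wheezy line after the jessie one.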




[Secure-testing-commits] r52561 - data/CVE

2017-06-14 Thread Chris Lamb
Author: lamby
Date: 2017-06-14 15:08:53 + (Wed, 14 Jun 2017)
New Revision: 52561

Modified:
   data/CVE/list
Log:
Reverse order of chicken entries.

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-14 11:04:29 UTC (rev 52560)
+++ data/CVE/list   2017-06-14 15:08:53 UTC (rev 52561)
@@ -58679,8 +58679,8 @@
NOT-FOR-US: Arista EOS
 CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...)
- chicken 4.10.0-1
+   [jessie] - chicken  (Minor issue)
[wheezy] - chicken  (Minor issue)
-   [jessie] - chicken  (Minor issue)
 CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 
7.x-1.x ...)
NOT-FOR-US: Drupal theme
 CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does 
not ...)




[Secure-testing-commits] r52562 - data/CVE

2017-06-14 Thread Henri Salo
Author: fgeek-guest
Date: 2017-06-14 20:09:13 + (Wed, 14 Jun 2017)
New Revision: 52562

Modified:
   data/CVE/list
Log:
NFU ESA-2017-031, ESA-2017-043

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-14 15:08:53 UTC (rev 52561)
+++ data/CVE/list   2017-06-14 20:09:13 UTC (rev 52562)
@@ -14285,6 +14285,7 @@
RESERVED
 CVE-2017-4986
RESERVED
+   NOT-FOR-US: EMC
 CVE-2017-4985
RESERVED
 CVE-2017-4984
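Review bot: the added `NOT-FOR-US: EMC` under the still-reserved CVE-2017-4986 does not record how the attribution was made; the commit message names ESA-2017-031 and ESA-2017-043, but neither advisory id appears in the entry. Put the advisory id on the line, e.g. `NOT-FOR-US: EMC (ESA-2017-031)`, or add a NOTE with it, so the mapping from a RESERVED id to a vendor can be verified later. The same applies to the second hunk.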
@@ -14295,6 +14296,7 @@
NOT-FOR-US: EMC Mainframe
 CVE-2017-4981
RESERVED
+   NOT-FOR-US: EMC
 CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability 
that may ...)
NOT-FOR-US: EMC
 CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 
7.2.1.0 - ...)




[Secure-testing-commits] r52563 - in data: . DSA

2017-06-14 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-14 20:50:57 + (Wed, 14 Jun 2017)
New Revision: 52563

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
firefox DSA


Modified: data/DSA/list
===
--- data/DSA/list   2017-06-14 20:09:13 UTC (rev 52562)
+++ data/DSA/list   2017-06-14 20:50:57 UTC (rev 52563)
@@ -1,3 +1,6 @@
+[14 Jun 2017] DSA-3881-1 firefox-esr - security update
+   {CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 
CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 
CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 
CVE-2017-7775 CVE-2017-7776 CVE-2017- CVE-2017-7778}
+   [jessie] - firefox-esr 52.2.0esr-1~deb8u1
 [14 Jun 2017] DSA-3880-1 libgcrypt20 - security update
{CVE-2017-9526}
[jessie] - libgcrypt20 1.6.3-2+deb8u3
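Review bot: as rendered here, the CVE set on the DSA-3881-1 line contains a bare `CVE-2017-` between CVE-2017-7776 and CVE-2017-7778; confirm the full identifier is present in the committed file, since an incomplete id in DSA/list will not link to its CVE/list entry.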

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-14 20:09:13 UTC (rev 52562)
+++ data/dsa-needed.txt 2017-06-14 20:50:57 UTC (rev 52563)
@@ -16,8 +16,6 @@
 --
 chromium-browser
 --
-firefox-esr (probably jmm)
---
 graphicsmagick
 --
 libytnef




[Secure-testing-commits] r52564 - data/CVE

2017-06-14 Thread security tracker role
Author: sectracker
Date: 2017-06-14 21:10:14 + (Wed, 14 Jun 2017)
New Revision: 52564

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-14 20:50:57 UTC (rev 52563)
+++ data/CVE/list   2017-06-14 21:10:14 UTC (rev 52564)
@@ -1,3 +1,15 @@
+CVE-2017-9620
+   RESERVED
+CVE-2017-9619
+   RESERVED
+CVE-2017-9618
+   RESERVED
+CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack 
exhaustion ...)
+   TODO: check
+CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack 
exhaustion ...)
+   TODO: check
+CVE-2017-9615
+   RESERVED
 CVE-2017-9614
RESERVED
 CVE-2017-9613
@@ -257,8 +269,7 @@
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
-CVE-2017-9502
-   RESERVED
+CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default 
protocol ...)
- curl  (Windows only)
 CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in 
the ...)
- imagemagick  (low)
@@ -365,10 +376,10 @@
[jessie] - yara  (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/678
NOTE: 
https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
-CVE-2017-9464
-   RESERVED
-CVE-2017-9463
-   RESERVED
+CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and 
probably ...)
+   TODO: check
+CVE-2017-9463 (The application Piwigo is affected by a SQL injection 
vulnerability in ...)
+   TODO: check
 CVE-2017-9460
RESERVED
 CVE-2017-9459
@@ -2137,8 +2148,8 @@
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
NOTE: edgebuffer scan converter was made default only in: 
http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter 
introduced in 9.20 is present.
-CVE-2017-8907
-   RESERVED
+CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.3 did not 
...)
+   TODO: check
 CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the 
x86 ...)
- x265  (Affected code is not enabled)
NOTE: 
https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
@@ -5152,6 +5163,7 @@
RESERVED
 CVE-2017-7778
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox 
@@ -5160,6 +5172,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
 CVE-2017-
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
@@ -5167,36 +5180,42 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
 CVE-2017-7776
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
 CVE-2017-7775
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
 CVE-2017-7774
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
 CVE-2017-7773
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
 CVE-2017-7772
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
 CVE-2017-7771
RESERVED
+   {DSA-3881-1}
- graphite2 1.3.10-1
- firefox 
- firefox-esr 52.2.0esr-1
@@ -5233,6 +5252,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
 CVE-2017-7764
RESERVED
+   {DSA-3881-1}
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
@@ -5265,18 +5285,21 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
 CVE-2017-7758
RESERVED
+   {DSA-3881-1}
- firefox 
- firefox-esr 52.2.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
 CVE-2017-7757
RESERVED
+   {DSA-3881-1}

[Secure-testing-commits] r52565 - in data: . DLA

2017-06-14 Thread Chris Lamb
Author: lamby
Date: 2017-06-15 00:14:56 + (Thu, 15 Jun 2017)
New Revision: 52565

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-985-1 for libsndfile

Modified: data/DLA/list
===
--- data/DLA/list   2017-06-14 21:10:14 UTC (rev 52564)
+++ data/DLA/list   2017-06-15 00:14:56 UTC (rev 52565)
@@ -1,3 +1,6 @@
+[15 Jun 2017] DLA-985-1 libsndfile - security update
+   {CVE-2017-6892}
+   [wheezy] - libsndfile 1.0.25-9.1+deb7u3
 [13 Jun 2017] DLA-984-1 tiff - security update
{CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404}
[wheezy] - tiff 4.0.2-6+deb7u14

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-14 21:10:14 UTC (rev 52564)
+++ data/dla-needed.txt 2017-06-15 00:14:56 UTC (rev 52565)
@@ -55,8 +55,6 @@
   NOTE: regression update, see:
   NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
 --
-libsndfile (Chris Lamb)
---
 libxml2 (Thorsten Alteholz)
   NOTE: 20170528, patches suggested but not accepted, bugs not yet public
 --




[Secure-testing-commits] r52566 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 03:30:23 + (Thu, 15 Jun 2017)
New Revision: 52566

Modified:
   data/CVE/list
Log:
Track source package names for CVE-2017-961{6,7}

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 00:14:56 UTC (rev 52565)
+++ data/CVE/list   2017-06-15 03:30:23 UTC (rev 52566)
@@ -5,8 +5,12 @@
 CVE-2017-9618
RESERVED
 CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack 
exhaustion ...)
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
TODO: check
 CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack 
exhaustion ...)
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
TODO: check
 CVE-2017-9615
RESERVED
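Review bot: `TODO: check` stays on both Wireshark entries after the source package and bug references were added. If what remains is determining the fixed version, a NOTE saying so is clearer; otherwise drop the TODO so the entries do not keep showing up as untriaged.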




[Secure-testing-commits] r52567 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 03:44:58 + (Thu, 15 Jun 2017)
New Revision: 52567

Modified:
   data/CVE/list
Log:
Add CVE-2017-9604/kmail

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 03:30:23 UTC (rev 52566)
+++ data/CVE/list   2017-06-15 03:44:58 UTC (rev 52567)
@@ -33,7 +33,10 @@
 CVE-2017-9606
RESERVED
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
-   TODO: check
+   - kdepim 
+   - kf5-messagelib 
+   NOTE: Fixed by (kmail): 
https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
+   NOTE: Fixed by (messagelib): 
https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
 CVE-2017-1000379
RESERVED
 CVE-2017-1000378
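Review bot: the two new source-package lines for CVE-2017-9604 (kdepim, kf5-messagelib) carry no Debian bug references, whereas the convention visible elsewhere in this digest is `- otrs2 5.0.20-1 (bug #864319)`; file or reference the bugs on these lines so the unfixed status is tracked per package.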




[Secure-testing-commits] r52568 - data

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 03:58:04 + (Thu, 15 Jun 2017)
New Revision: 52568

Modified:
   data/dsa-needed.txt
Log:
Add graphite2 to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-15 03:44:58 UTC (rev 52567)
+++ data/dsa-needed.txt 2017-06-15 03:58:04 UTC (rev 52568)
@@ -18,6 +18,8 @@
 --
 graphicsmagick
 --
+graphite2
+--
 libytnef
 --
 linux




[Secure-testing-commits] r52570 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 04:17:21 + (Thu, 15 Jun 2017)
New Revision: 52570

Modified:
   data/CVE/list
Log:
Add CVE-2017-3140/bind9

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 04:17:10 UTC (rev 52569)
+++ data/CVE/list   2017-06-15 04:17:21 UTC (rev 52570)
@@ -19144,6 +19144,10 @@
NOTE: https://kb.isc.org/article/AA-01496
 CVE-2017-3140 [An error processing RPZ rules can cause named to loop endlessly 
after handling a query]
RESERVED
+   - bind9 
+   NOTE: https://kb.isc.org/article/AA-01495
+   NOTE: Fixed by (master): 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
+   NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
 CVE-2017-3139
RESERVED
- bind9  (RHEL6 specific)




[Secure-testing-commits] r52569 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 04:17:10 + (Thu, 15 Jun 2017)
New Revision: 52569

Modified:
   data/CVE/list
Log:
Add CVE-2017-3141/bind9

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 03:58:04 UTC (rev 52568)
+++ data/CVE/list   2017-06-15 04:17:10 UTC (rev 52569)
@@ -19140,7 +19140,9 @@
RESERVED
 CVE-2017-3141
RESERVED
-CVE-2017-3140
+   - bind9  (Affects only Windows systems)
+   NOTE: https://kb.isc.org/article/AA-01496
+CVE-2017-3140 [An error processing RPZ rules can cause named to loop endlessly 
after handling a query]
RESERVED
 CVE-2017-3139
RESERVED




[Secure-testing-commits] r52571 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 04:26:34 + (Thu, 15 Jun 2017)
New Revision: 52571

Modified:
   data/CVE/list
Log:
Add reference to introducing change

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 04:17:21 UTC (rev 52570)
+++ data/CVE/list   2017-06-15 04:26:34 UTC (rev 52571)
@@ -19147,6 +19147,8 @@
- bind9 
NOTE: https://kb.isc.org/article/AA-01495
NOTE: Fixed by (master): 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
+   NOTE: Introduced by: 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
+   NOTE: CVE-2017-3140 is introduced by the upstream change #4377
NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
 CVE-2017-3139
RESERVED
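Review bot: the two new NOTE lines state the same fact twice (the introducing commit by hash, then "introduced by the upstream change #4377"); a single line such as `NOTE: Introduced by (#4377): <url>` would do. If the point of recording the introducing change is that the Debian packages predate it, that belongs on the `- bind9` package line as its not-affected reason rather than only in a NOTE.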




[Secure-testing-commits] r52572 - in data: . CVE

2017-06-14 Thread Lucas Kanashiro
Author: kanashiro
Date: 2017-06-15 04:44:55 + (Thu, 15 Jun 2017)
New Revision: 52572

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark otrs2 as not affected by CVE-2017-9324 in wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 04:26:34 UTC (rev 52571)
+++ data/CVE/list   2017-06-15 04:44:55 UTC (rev 52572)
@@ -794,6 +794,7 @@
{DSA-3876-1}
- otrs2 5.0.20-1 (bug #864319)
[stretch] - otrs2 5.0.16-1+deb9u1
+   [wheezy] - otrs2  (does not affect version 3.1.7, only 
3.3.x)
NOTE: 
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
NOTE: 
https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
 CVE-2017-9323
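Review bot: the qualifier `only 3.3.x` on the new wheezy line contradicts the two lines above it: the unstable fix is 5.0.20-1 and stretch is fixed in 5.0.16-1+deb9u1, so 5.0.x is affected as well. Keep the not-affected statement for 3.1.7 and drop the `only 3.3.x` part, or say "3.3.x and later".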

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-15 04:26:34 UTC (rev 52571)
+++ data/dla-needed.txt 2017-06-15 04:44:55 UTC (rev 52572)
@@ -86,8 +86,6 @@
 --
 openexr
 --
-otrs2 (Lucas Kanashiro)
---
 postgresql-9.1 (Christoph Berg)
   NOTE: maintainer will give it a try tomorrow (2017-05-28)
 --




[Secure-testing-commits] r52573 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:01:19 + (Thu, 15 Jun 2017)
New Revision: 52573

Modified:
   data/CVE/list
Log:
Remove the "only 3.3.x" indication because any other later version is affected as well

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 04:44:55 UTC (rev 52572)
+++ data/CVE/list   2017-06-15 05:01:19 UTC (rev 52573)
@@ -794,7 +794,7 @@
{DSA-3876-1}
- otrs2 5.0.20-1 (bug #864319)
[stretch] - otrs2 5.0.16-1+deb9u1
-   [wheezy] - otrs2  (does not affect version 3.1.7, only 
3.3.x)
+   [wheezy] - otrs2  (does not affect version 3.1.7)
NOTE: 
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
NOTE: 
https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
 CVE-2017-9323




[Secure-testing-commits] r52574 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:04:40 + (Thu, 15 Jun 2017)
New Revision: 52574

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-3140/bind9

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:01:19 UTC (rev 52573)
+++ data/CVE/list   2017-06-15 05:04:40 UTC (rev 52574)
@@ -19145,7 +19145,7 @@
NOTE: https://kb.isc.org/article/AA-01496
 CVE-2017-3140 [An error processing RPZ rules can cause named to loop endlessly 
after handling a query]
RESERVED
-   - bind9 
+   - bind9  (Upstream change #4377 not backported/included)
NOTE: https://kb.isc.org/article/AA-01495
NOTE: Fixed by (master): 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
NOTE: Introduced by: 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
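Review bot: the reason on the bind9 line now says change #4377 is not backported/included, which is what makes the package not affected, but it does not say which packaged versions were checked against the "Introduced by" commit referenced in the NOTE; naming them would make the claim reproducible by the next person who touches the entry.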




[Secure-testing-commits] r52575 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:35:54 + (Thu, 15 Jun 2017)
New Revision: 52575

Modified:
   data/CVE/list
Log:
Add advisory reference for CVE-2017-9604

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:04:40 UTC (rev 52574)
+++ data/CVE/list   2017-06-15 05:35:54 UTC (rev 52575)
@@ -37,6 +37,7 @@
- kf5-messagelib 
NOTE: Fixed by (kmail): 
https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
NOTE: Fixed by (messagelib): 
https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
+   NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
 CVE-2017-1000379
RESERVED
 CVE-2017-1000378




[Secure-testing-commits] r52576 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:49:06 + (Thu, 15 Jun 2017)
New Revision: 52576

Modified:
   data/CVE/list
Log:
Add bug references for source packages of CVE-2017-9604

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:35:54 UTC (rev 52575)
+++ data/CVE/list   2017-06-15 05:49:06 UTC (rev 52576)
@@ -33,8 +33,8 @@
 CVE-2017-9606
RESERVED
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
-   - kdepim 
-   - kf5-messagelib 
+   - kdepim  (bug #864804)
+   - kf5-messagelib  (bug #864803)
NOTE: Fixed by (kmail): 
https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
NOTE: Fixed by (messagelib): 
https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt




[Secure-testing-commits] r52577 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:52:35 + (Thu, 15 Jun 2017)
New Revision: 52577

Modified:
   data/CVE/list
Log:
smb4k: Add reference to Sebastian Krahmer's writeup

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:49:06 UTC (rev 52576)
+++ data/CVE/list   2017-06-15 05:52:35 UTC (rev 52577)
@@ -2297,6 +2297,7 @@
- smb4k 1.2.1-2 (bug #862505)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
+   NOTE: https://github.com/stealth/plasmapulsar
NOTE: smb4k 2.0.0: 
https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
NOTE: smb4k 1.2.3: 
https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
 CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of 
changing a ...)




[Secure-testing-commits] r52578 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 05:53:49 + (Thu, 15 Jun 2017)
New Revision: 52578

Modified:
   data/CVE/list
Log:
Update CVE-2017-946{3,4}

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:52:35 UTC (rev 52577)
+++ data/CVE/list   2017-06-15 05:53:49 UTC (rev 52578)
@@ -385,9 +385,9 @@
NOTE: https://github.com/VirusTotal/yara/issues/678
NOTE: 
https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
 CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and 
probably ...)
-   TODO: check
+- piwigo 
 CVE-2017-9463 (The application Piwigo is affected by a SQL injection 
vulnerability in ...)
-   TODO: check
+- piwigo 
 CVE-2017-9460
RESERVED
 CVE-2017-9459
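Review bot: the two new `- piwigo` lines are at column 0 (`+- piwigo`), while every other package line in this file is indented under its CVE header (compare `+   - wireshark` in r52566); indent them the same way so they are read as part of the CVE-2017-9464 and CVE-2017-9463 entries rather than as stray lines between headers.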




[Secure-testing-commits] r52579 - in data: CVE DLA

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 06:00:53 + (Thu, 15 Jun 2017)
New Revision: 52579

Modified:
   data/CVE/list
   data/DLA/list
Log:
Update information for CVE-2015-9097

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 05:53:49 UTC (rev 52578)
+++ data/CVE/list   2017-06-15 06:00:53 UTC (rev 52579)
@@ -150,8 +150,6 @@
RESERVED
 CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 
6.0-2528 ...)
NOT-FOR-US: Synology Photo Station
-CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail 
Library) is ...)
-   TODO: check
 CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command 
injection ...)
TODO: check
 CVE-2017-9551
@@ -56135,10 +56133,8 @@
- foomatic-filters 4.0.17-7 (bug #807993)
NOTE: 
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
-CVE-2015- [ruby-mail: SMTP injection via recipient email addresses]
+CVE-2015-9097 [ruby-mail: SMTP injection via recipient email addresses]
- ruby-mail 2.6.1+dfsg1-1
-   [wheezy] - ruby-mail 2.4.4-2+deb7u1
-   NOTE: Workaround entry for DLA-489-1 (since no CVE for this issue)
NOTE: 
https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/12/11/3
NOTE: Fixed in 2.6.0
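Review bot: with the `[wheezy] - ruby-mail 2.4.4-2+deb7u1` line and the workaround NOTE removed, the wheezy status of CVE-2015-9097 now depends on the DLA cross-reference, but this hunk adds no `{DLA-489-1}` line under the CVE entry (compare the `{DSA-3880-1}` line added for CVE-2017-9526 in r52557). Add it so the wheezy fix remains resolvable from CVE/list and not only from DLA/list.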

Modified: data/DLA/list
===
--- data/DLA/list   2017-06-15 05:53:49 UTC (rev 52578)
+++ data/DLA/list   2017-06-15 06:00:53 UTC (rev 52579)
@@ -1509,6 +1509,7 @@
{CVE-2014-5015 CVE-2015-8212}
[wheezy] - bozohttpd 2018-1+deb7u1
 [25 May 2016] DLA-489-1 ruby-mail - security update
+   {CVE-2015-9097}
[wheezy] - ruby-mail 2.4.4-2+deb7u1
 [25 May 2016] DLA-488-1 xymon - security update
{CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2058}




[Secure-testing-commits] r52580 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 06:07:10 + (Thu, 15 Jun 2017)
New Revision: 52580

Modified:
   data/CVE/list
Log:
Add CVE-2017-2810/python-tablib

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 06:00:53 UTC (rev 52579)
+++ data/CVE/list   2017-06-15 06:07:10 UTC (rev 52580)
@@ -20104,7 +20104,8 @@
 CVE-2017-2811
RESERVED
 CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
-   TODO: check
+   - python-tablib 
+   NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
 CVE-2017-2809
RESERVED
 CVE-2017-2808




[Secure-testing-commits] r52581 - data/CVE

2017-06-14 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-15 06:20:24 + (Thu, 15 Jun 2017)
New Revision: 52581

Modified:
   data/CVE/list
Log:
Add reference to fixing commit for CVE-2017-2810

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-15 06:07:10 UTC (rev 52580)
+++ data/CVE/list   2017-06-15 06:20:24 UTC (rev 52581)
@@ -20105,6 +20105,7 @@
RESERVED
 CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
- python-tablib 
+   NOTE: Fixed by: 
https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
 CVE-2017-2809
RESERVED

